Browser or webpage, who provides the encryption?

[pointertovoid 6]

Hello everyone and everybody!

When I visit an https website where I provide data that must be encrypted (identifiers for instance), who provides the encryption, among my browser and the website? I attach an example with Firefox used to log at Yahoo.

I vaguely imagine that the browser (relying possibly on the OS) provides cryptographic services, the webpage tells "please encrypt the user's identifiers" and "I understands these codes and protocols", then the browser looks for a set of codes and protocols spoken on both sides, then they define and exchange some keys and transfer the data. Is that it?

Thank you!

[Tripredacus 401]

They both do. They are using a standard method, for example you can see it mentioned in bold where it says Connexion chiffree. The web server may use a specific standard, and the browser supports multiple standards. When the browser goes to the site, it will inform that it will be using x type of connection. The browser understands how to communicate in this way and then the two ends can talk.

So it stands to reason that an outdated browser may not work properly, if at all, with a website using a modern form of encryption. This is likely why you hear about some websites outright blocking older browsers from connecting to them, or displaying broken content or a blank screen.

[pointertovoid 6]

Thanks Tripredacus! That's clearer.

And is there any known weakness in the GCM mode of AES provided by Firefox?

I've seen it's a pseudorandom sequence mode (sequence xor plaintext = cyphertext), which is **** difficult to program without introducing weaknesses. For a month, Yahoo uses a new login page, where I first type my identifier, and then the page refreshes and I type my password. So if the pseudorandom sequence is somehow linked between both uses by the same page, for instance if it's identical, the user loses. An attacker knowing the identifier and hearing the connection deduces the pseudorandom sequence then the password.

I don't see why programmers for encrypted pages go for pseudorandom sequences. Normal modes like codebook or chained codebook are as easy and not so horribly dangerous.

[pointertovoid 6]

More worries: Paypal has switched to a stream cipher for its login.

It's not exactly the GCM mode but one said to give a better guarantee that the initial vector is unique, oh good.

Knowing that

• A stream cipher is inherently more dangerous than the block mode or chained block;
• It's obviously as slow as a block mode - whatever nonsense Wiki repeats about AES, it needs one block encryption per data block too,

I just wonder WHY so many programmers switch to stream ciphers, including now Paypal which had made sensible choices up to now and had been virtually immune of the attacks that broke Wanadoo, Yahoo and the others.

Or do they all give in to the orders of gov' agencies that want to spy everything by collapsing the individual and collective resilience to any attack, including a foreign one?